
Password Hacking Basics

Password hacking is one of the easiest and most common ways for hackers to get unauthorized access to networks and computer systems. Hackers use multiple ways to hack a password. There is no single option to compromise the password.

There are ways to hack passwords for user logins, system passwords, web passwords, password-protected files, FTP passwords, WiFi passwords, network passwords, etc.

In this tutorial you will learn most of the password hacking methodologies. You will have to use each method according to the scenario.

::Human and Password::

It is human nature to want convenience. This makes the password one of the easiest barriers for a hacker to get past to compromise your accounts. Almost 3 trillion password combinations are possible using 26 letters and the numbers 0-9. However, most people prefer to use passwords that are easy to remember. They usually use their pet names, friends' names, family members' names and even birth dates as “Login” and “Password”.

Top 25 Common Passwords humans use:

123456 / 123456789 / qwerty / 12345678 / 111111
1234567890 / 1234567 / password / 123123 / qwertyuiop
mynoob / 123321 / 666666 / 7777777 / 654321
555555 / Loveyou / Letmein / Admin / Admin123
Password1 / 987654321 / admin@123 / gotohell / pass@123

These passwords are easy to guess and can get you into trouble.

::Password Attacks::

Attackers use various attacks to hack passwords. We will discuss the most common and important attacks and see one example of each.

Dictionary Attack :

A dictionary attack is an attack where the attacker tries to break into a password-protected machine or network by using a dictionary of passwords.

The attacker has a long list of predefined passwords, called a dictionary.

Why do we use a Dictionary attack?

Well, a human cannot try more than about 100 random usernames and passwords. So how do you check millions of passwords and combinations? That is why we use the Dictionary attack, where the attacker creates a word list first and then automates (using tools) the rest of the password hacking attack.

We create a dictionary of usernames and passwords, then use a tool called HYDRA to randomly attempt each user with each password. And the password is probably going to be hacked.

How to use HYDRA ? (Kali Linux)

We will try to hack the FTP password of the network. Open Kali Linux and open a terminal.

root@kali:~# hydra -h

root@kali:~# hydra -L username.txt -P passlist.txt ftp://192.168.0.1

root@kali:~# hydra -l user -P passlist.txt ftp://192.168.0.1

The command hydra -h shows hydra's usage and syntax. Use -L and -P if you have lists of usernames and passwords. If the username is known, use -l along with the username.

You can create your own word list in a .txt file manually, or download the word lists HERE.
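
One way a defender can spot the kind of automated FTP guessing shown above, as an added example that is not part of the original tutorial: it scans login records for bursts of failures from one client and records which usernames were tried (many names suggests a -L list, one name a -l run). The log lines are constructed in a vsftpd-like format, and the threshold and window values are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (vsftpd-style lines, not from a real host): one client
# guessing logins quickly, and one user who mistypes once.
SAMPLE_LOG = """\
Mon Mar 11 10:00:01 2024 [pid 4101] [admin] FAIL LOGIN: Client "192.168.0.50"
Mon Mar 11 10:00:03 2024 [pid 4102] [admin] FAIL LOGIN: Client "192.168.0.50"
Mon Mar 11 10:00:05 2024 [pid 4103] [root] FAIL LOGIN: Client "192.168.0.50"
Mon Mar 11 10:00:06 2024 [pid 4104] [alice] FAIL LOGIN: Client "192.168.0.23"
Mon Mar 11 10:00:07 2024 [pid 4105] [root] FAIL LOGIN: Client "192.168.0.50"
Mon Mar 11 10:00:09 2024 [pid 4106] [user] FAIL LOGIN: Client "192.168.0.50"
Mon Mar 11 10:00:11 2024 [pid 4107] [user] FAIL LOGIN: Client "192.168.0.50"
Mon Mar 11 10:00:13 2024 [pid 4108] [user] OK LOGIN: Client "192.168.0.50"
Mon Mar 11 10:00:20 2024 [pid 4109] [alice] OK LOGIN: Client "192.168.0.23"
""".splitlines()

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d [\d:]{8} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"$'
)

def detect_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag clients with >= threshold failed logins inside the time window."""
    fails = defaultdict(list)   # ip -> [(timestamp, username), ...]
    flagged = {}                # ip -> summary of the burst
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip, user = m["ip"], m["user"]
        if m["result"] == "FAIL":
            fails[ip].append((ts, user))
            recent = [t for t, _ in fails[ip] if ts - t <= window]
            if len(recent) >= threshold:
                entry = flagged.setdefault(ip, {"guessed_account": None})
                entry["failures"] = len(fails[ip])
                entry["users"] = {u for _, u in fails[ip]}
        elif ip in flagged and flagged[ip]["guessed_account"] is None:
            # A success right after a burst means a guess probably worked.
            flagged[ip]["guessed_account"] = user
    return flagged

if __name__ == "__main__":
    for ip, info in detect_guessing(SAMPLE_LOG).items():
        print(ip, info)
```

The single mistyped login from 192.168.0.23 stays below the threshold and is not flagged; the account named in guessed_account is the one whose password should be reset first.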

Hybrid Dictionary Attack :

In a Hybrid Dictionary attack, the attacker creates the word list from combinations of words and numbers, so the list holds hybrid combinations of words. Then use this word list in the tool HYDRA as seen in the example above.

To create a hybrid wordlist we use a tool called CRUNCH. It is already available on the Kali Linux machine.

How to use CRUNCH ? (In Kali Linux)

Crunch is a command line tool and very easy to use. We can create any type of word list we want. We can create word lists with combinations of words, numbers and special characters as well.

Open the Kali Linux machine and open Terminal from the left-hand sidebar.

root@kali:~# crunch -h

The command crunch -h shows the usage and syntax, to get a basic understanding of how to use crunch.

root@kali:~# crunch 6 7 abcdef012345 -o wordlist.txt

This command is used to create a basic word list. Here 6 7 is the minimum and maximum length of the words to create. abcdef012345 are the letters and numbers used to create words of length 6-7. And lastly, wordlist.txt is the output text file that contains the words.

This word list is what we call a Dictionary. You can create word lists by changing the length parameters and the letters to use.

Now use this Dictionary (Word List) in a Dictionary Attack and hack the password.

Brute Force Attack:

In a Brute Force attack the attacker uses all possible combinations of letters, numbers and special characters to break the password. The success ratio for hacking a password by Brute Force attack is very high. But it requires high processing power and will take time to crack.

We generally use a Brute Force attack when we don’t have any idea about the target password architecture. A Brute Force attack can be run against hashes as well. Hashing is the transformation of characters into a STRING. This transformation is done by using some hash algorithm.

Message Digest 5 (MD5) is the hashing algorithm used to hash the Windows login password.

How to Brute-Force ?

To perform a brute force attack we use the tools John the Ripper, Rainbow Crack and Aircrack-ng.

JOHN THE RIPPER

John the Ripper has been a favourite choice of attackers all the time. This tool has lots of password cracking features. It automatically detects the type of hashing used in the password.

Generally, it can perform a brute-force attack with all possible passwords by combining characters and numbers. However, you can also use it with a dictionary of passwords to perform dictionary attacks.

The command line tool and GUI of John the Ripper are available on the Kali Linux machine.

RAINBOW CRACK

Rainbow Crack is a tool used in brute forcing attacks for password cracking. This tool generates rainbow tables (pre-computed tables) before the attack, so the attack becomes easier and saves time.

We use Rainbow Tables directly in Rainbow Crack and start the attack. Various organizations have already published pre-computed rainbow tables for all users. To save time, you can download those rainbow tables and use them in your attacks. You can download Rainbow Tables HERE.


You can generate your own Rainbow Tables by using a tool called Winrtgen. Winrtgen provides a graphical interface for the Rainbow Table generator. It offers support for several signatures, including MD-4, MD-5, FastLM, SHA-256, ORACLE, allowing users to create a large table database for decrypting complex passwords and brute force attacks.

Download Winrtgen HERE.
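
Why pre-computed tables work against plain hashes and what storage format defeats them, as an added Python example that is not part of the original tutorial. The unsalted MD5 function is the weak form; the salted PBKDF2 function is the hardened form. Salting, PBKDF2, the iteration count and the account names are this example's assumptions, not something the page prescribes.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this demo; raise it as hardware allows

def md5_unsalted(password):
    """Weak: the digest depends only on the password, so one precomputed
    table answers lookups for every account that uses it."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, salt=None):
    """Hardened: random per-account salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

def demo():
    """Two hypothetical accounts that both chose 'qwerty' (from the list above)."""
    weak = {u: md5_unsalted("qwerty") for u in ("alice", "bob")}
    strong = {u: hash_password("qwerty") for u in ("alice", "bob")}
    return {
        "md5_records_identical": weak["alice"] == weak["bob"],
        "salted_records_identical": strong["alice"][1] == strong["bob"][1],
        "correct_password_verifies": verify_password("qwerty", *strong["alice"]),
        "wrong_password_verifies": verify_password("123456", *strong["alice"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With a random salt per account, a table would have to be rebuilt for every stored record, which removes the time saving that pre-computation is meant to give.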

AIRCRACK-NG

Aircrack-ng is a very popular tool to crack wireless network passwords, mostly WiFi passwords. This tool uses the dictionary attack for cracking WiFi passwords. It comes with a WEP/WPA/WPA2-PSK cracker and analysis tools to perform attacks on WiFi 802.11.

See the tutorial WiFi Hacking to learn the usage of Aircrack-ng.


NCRACK

Ncrack is a password hacking tool for cracking network authentication. It is useful for cracking passwords for the protocols SSH, POP3, SMB, RDP, VNC, FTP, HTTP(S), telnet, etc.

This tool uses the concept of Brute-Force to crack network passwords. You can also use THC-HYDRA in place of NCRACK, but Ncrack is specially designed to crack network passwords.

Download the tool Ncrack

Social Engineering Attack:

Social Engineering is the biggest threat arising from human behaviour. Social engineering attacks make cyber attacks much easier, and password hacking can be done using social engineering. We discussed the different types of social engineering attacks in the information gathering tutorial. Go through it one more time.

Now you are thinking, “How to hack a password using social engineering?”

Well, there is no special tool to do this; you can use techniques like Shoulder Surfing, Eavesdropping and Dumpster Diving.

You can make a spoof call to your friend and claim that you are calling from the BANK and ask for the ATM CARD PIN or PASSWORD. This is a type of Social Engineering attack, where the victim assumes that you are really calling from the bank and discloses his passwords.

::Password Hacking Security and Protection::

As an ethical hacker you should know how to protect yourself against the bad guys, that is, how to keep safe from password hacking and cracking. Now we will see how to create a strong password and how to stay secure…

TIP No.1:

Create your password with a minimum length of 8. It should contain alphabets, numbers and special characters. Never use a password containing words from a dictionary. These words can be easy to guess.

To generate your own strong password, visit site.

TIP No.2:

Do not store or write your password in any notebook or on any rough paper. This will lead to a dumpster diving attack if you lose your paper or notebook.

You can use a Password Manager in place of writing the password anywhere else.

TIP No.3:

Use a Password Manager to keep all your login passwords safe. You don’t have to remember your passwords while logging in to any web page. The password manager keeps all your passwords in encrypted format.

Password Managers operate using a Master Password. You need to remember only the master password to unlock all your other passwords.


Download (Android):mSecure,KeePass2Android


Download (iPhone):KeePass

TIP No.4:

You need to check your password strength. How strong is your password? Go to site

This site shows you how much time a hacker would require to hack your password using a Brute-Force attack. It counts in years also.
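
The checks from TIP No.1 and the brute-force time estimate from TIP No.4, as an added Python example that is not from the original tutorial. keyspace() also reproduces two figures from earlier on the page: the number of words produced by crunch 6 7 abcdef012345, and 36^8 for 8-character passwords over 26 letters and 10 digits, which is about 2.8 trillion. The rate of 10^9 guesses per second and the abbreviated common-password set are assumptions.

```python
import string

# Subset of the common-password list printed earlier on this page (lower-cased).
COMMON = {"123456", "qwerty", "password", "letmein", "admin123",
          "password1", "admin@123", "pass@123"}

def keyspace(alphabet_size, min_len, max_len):
    """Number of candidate strings of length min_len..max_len over an alphabet."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))

def alphabet_size(password):
    """Combined size of the standard character pools the password draws from."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    return sum(len(p) for p in pools if any(c in p for c in password))

def audit(password, guesses_per_second=1e9):
    """Apply the TIP No.1 rules and estimate the worst-case brute-force time."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    if password.lower() in COMMON:
        problems.append("on the common-password list")
    # Worst case: every candidate up to this length is tried (assumed rate).
    space = keyspace(alphabet_size(password), 1, len(password))
    years = space / guesses_per_second / (365 * 24 * 3600)
    return {"problems": problems, "keyspace": space, "worst_case_years": years}

if __name__ == "__main__":
    print("crunch 6 7 abcdef012345 ->", keyspace(12, 6, 7), "words")
    print("36^8 ->", keyspace(36, 8, 8))
    for pw in ("123456", "pass@123"):
        print(pw, audit(pw))
```

pass@123 satisfies every composition rule in TIP No.1 and is still rejected because it is on the common-password list, which a dictionary attack tries long before any brute-force estimate applies.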